Why Digital Privacy Should Be Your 2018 New Year's Resolution

2017 was yet another year when we experienced the mass erosion of digital privacy. In fact, in some ways, it was the worst year yet.

Throughout the year, populations around the globe were subjected not only to an increasing amount of censorship at the hands of governments, but also to a crackdown on the technologies that allow them to circumvent those blocks.

In China and Russia, the use of Virtual Private Networks (VPNs) to overcome national blacklists of websites - now numbering over 3,000 in China - was heavily suppressed. In China, the Apple iTunes store became complicit by banning hundreds of commercial VPNs from the store. The result for Chinese citizens: a sudden inability to access VPNs.

In addition, Internet Service Providers (ISPs) began blocking websites and IP addresses associated with VPNs - including many local Chinese providers. This meant that local citizens were suddenly unable to circumvent the Great Firewall of China.

In Russia, the end of October signaled the start of a new law banning VPNs. The legislation requires ISPs to block all VPN websites and proxy services used in the nation to bypass state-imposed internet censorship. Add that to existing mandatory data retention in Russia, and you get a sense of how bad digital privacy is within the nation. What’s more, it is due to get much worse - on 1 July 2018 - with the introduction of the “Yarovaya Laws.” Those laws will build on:

“An already existing legislation mandating the ISPs and telecoms to cooperate with the investigative authorities and further increases the state’s surveillance discretion in the domain of digital communications.

“Among other things, the law prescribes that as of 1 July 2018 ISPs and other telecommunications companies store all telephone conversations, text messages, videos, and picture messages for six months. In addition, telecom companies must retain customers’ metadata - that is, information about with whom, when, for how long, and from where they communicated - for three years.

“The investigative authorities are allowed to access such data retroactively. Providers of telecommunication services are also legally obliged to help the investigative authorities decipher encrypted messages sent by users.”

From East to West

This year, government censorship spread like some sort of fungal infection. In Spain, the government blocked Catalonian websites designed to allow voters to find referendum polling stations. That controversy was shortly followed by merciless scenes of police brutality as the Spanish authorities enacted an iron will over the Catalonian electorate.

In May, 15 million Ukrainian citizens were suddenly locked out of their Vkontakte (VK.com) accounts (Russia’s version of Facebook). At that time, the Ukrainian government decided to impose a complete block on Russian websites, much to the dismay of the largely Russian-speaking nation.

In Africa, Egypt continued to impose website blackouts on Western news websites and other services. The majority of the African continent is exposed to dire censorship - some nations to a far more extreme level than Egypt.

In Europe, Turkey, Serbia, and Moldova, also continued to heavily censor the internet. Even Greece was found to have a significant level of censorship. In fact, 31 countries in Europe were found to have some level of censorship against BitTorrenting.

Surveillance Epidemic

In Britain, 2017 saw the introduction of the “Snooper's Charter”. That mandatory data retention law gives over a hundred British government organizations the power to access UK citizens' web browsing histories and metadata. ISPs must store data for a year on behalf of the government.

As if that wasn’t enough, Privacy International mounted a lawsuit against the UK government after gaining records proving that GCHQ intelligence (the UK’s version of the NSA) has been not only accessing data within millions of people's social media accounts but also sharing that with “industry partners.”

What's more, according to a study just published by Freedom House, social media was used to manipulate election results in 18 countries within the last 12 months alone. This proves that governments are not only using social media to harvest data but to affect opinions too.

Fast Decline

Violations of people’s digital privacy in the West is an ever growing problem. It has reached epidemic levels. In the UK, Australia, and many other locations, ISPs must now store web browsing histories against their will (and at great expense).

In fact, in Russia, it is believed that few ISPs will be able to comply with the new Yarovaya Laws. A Russian ISP called MTS has revealed that, given its current income figures, it will have to invest all of its profits into its data center infrastructure “for the next 100 years” in order to comply with the data retention law.

The US was, until this year, praised for not having mandatory data retention laws. As of March, however, things took a turn for the worse. In the US, the Trump administration has found the perfect loophole to appease ISPs. Rather than force ISPs to retain data on behalf of the government (which is extremely expensive) - it has gone one better - and given ISPs permission to sell consumers' data to third parties.

Sell It All

Giving ISPs permission to sell consumer web browsing histories to third parties has created a digital privacy nightmare in the US. That private data is extremely valuable. Given the privilege to sell it, ISPs have a reason to retain it indefinitely (as opposed to for a year or two, as is the case in the UK and Australia respectively).

In the US, data retention at the hands of ISPs is voluntary, not mandatory. This sounds better to the untrained ear. However, in reality, the incentive to retain data means the government gains the option to simply buy the records it wants from US telecom giants. After all, ISPs have been granted permission to sell that data to any third party: including the NSA, the CIA, and even China if they want.

In reality, this makes the US system far worse than that of other nations. In fact, the whole thing stinks of backdoor negotiations of the type that have no-doubt led the Federal Communications Commission (FCC) to be headed by Verizon’s ex-attorney Ajit Pai.

While we're on that subject, the US also appears to be inching its way closer to repealing net neutrality. That decision could seriously alter the face of the internet as we know it. It would give US telecom giants far greater control over the flow of data. Two likely results will be corporate censorship and expensive internet "fast lanes".

Surveillance Technology

2017 also saw an explosion of implants and smart devices. In Sweden, thousands of people decided to allow themselves to be chipped in order to ride public railway systems. In the US, a Wisconsin company chipped employees for the first time. For now, the decision to be chipped is voluntary, and there are legitimate benefits for chipping. However, security experts recently warned that hacking to kill could soon become a reality.

In addition, experts like Liz McIntyre from CAMCAT see what is happening as the beginning of a slippery slope. Who could blame them? Our phones already monitor us to within an inch of our lives. Now, important people like Mike Miller, Chief Executive of the World Olympians Association, are pushing for mandatory chipping. Miller has suggested compulsory chip implantation for athletes.

Dangerous Combinations

Another dangerous development for digital privacy has been the emergence of social reward schemes. Launched earlier this year, Carrot Rewards is a government-sponsored app that remunerates Canadian citizens with points for making healthy choices. The new app raises privacy concerns and is viewed as a huge leap towards a nanny state.

In China, a similar reward scheme, called Sesame Credits, rewards citizens with social currency points. Those points go up and down depending on whether tax has been paid or a driving penalty has been incurred. Good behavior is rewarded, and pro-government sentiment can lead to privileged booking rights at restaurants, improved borrowing allowances at local libraries, and even free loaner umbrellas.

Meanwhile, a bad social credit score can lead to penalties on career progression, blocks on gaining subsidies and benefits, penalties on asset ownership, and an inability to gain honorary titles from the government. What’s more, it is feared that in the future a bad score could lead to the revocation of bank fund access and an inability to travel.

For now, Carrot Rewards is far less invasive. However, the Canadian app does force citizens to give up private information about themselves. Carrot Rewards is yet another stepping stone towards a less private future.

The idea that these kinds of rewards schemes could eventually be accessible via implants rather than apps and smart cards is a real concern. The combination of the two technologies instantly rings alarms bells.

Invasive Toys

Internet of Things (IoT) technology is still in its infancy. Yet with over seven billion products already in the wild, there's cause for concern. According to researchers, one in six IoT devices is insecure. Sometimes this is because consumers don’t update default passwords. Other times, it's because of design flaws or poor database security on the manufacturer's side.

In July, the FBI issued a warning about smart toys spying on children. According to the public service announcement (PSA), devices with microphones, GPS tracking, WiFi, and/or Bluetooth connectivity can allow criminals to access private information about children and their families:

“The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”

Nor is it just children and parents who are at risk from IoT devices. A sex toy manufacturer called lovesense has admitted to accidentally recording audio during sexual encounters involving its devices. A white hat hacker in Berlin disclosed that he hacked similar devices that use the bluetooth low energy (BLE) networking protocol. According to Thomas Lomas, hacking and taking control of such devices is easy.

Smart Cities For Dumb Sheeple?

According to Privacy International, the smart devices that create a “Smart City” come with worrying fundamental concerns:

“Beyond the lack of clear vision and issues with the one-size-fits-all approach to so-called “smart cities,” we have observed the emergence of a narrative that says systematic data generation, collection and centralisation are the answers to all problems. This narrative – promoted by companies that sell data processing and artificial intelligence to local governments – has led to the very real and concrete transformation of our cities into increasingly surveilled spaces, as well as places of exclusion and discrimination.”

With the holiday season just around the corner, and reports already emerging that hundreds of gifts will have security and privacy flaws, the time to act is now!

Time for Change

People who want to take back their digital privacy need to think about the products they take into their homes. We've managed to survive with toasters, fridges, and kettles that weren’t connected for a long time.

Yes, owning futuristic products can be exciting, but think carefully about which products you really need. Which ones genuinely improve your quality of life? If the improvement seems necessary, then be my guest and buy a smart device. However, please be aware that a fridge that knows what you like is probably creating a database about you somewhere.

In addition, be sure to research the different manufacturers that are available, in order to get a product that is considered secure.

Also, please ensure that you treat your connected devices responsibly. You need to update connected devices with strong passwords to stop cybercriminals from hacking them. If you don’t, then you are partly to blame for attacks like Mirai! What’s more, you need to update smart devices regularly with manufacturer patches and updates. This is because manufacturers often discover vulnerabilities and need to fix them.

We are living in the age of data collection. Everyone wants a piece of that pie because it's worth a fortune. The best way to stop governments and ISPs from snooping on you is with a VPN. However, in order to protect your digital privacy, you're also going to need to start taking note of how you're being snooped on. Boycotting invasive products and services is the only way to make manufacturers pay attention.

Only by voting with our purchasing power can we show the beast that it must change.

Digital privacy expert with 4+ years experience testing and reviewing VPNs. He's been quoted in The Express, Barrons, the Scottish Herald, ThreatPost, CNET & many more. Ray is currently rated number 1 VPN authority by Agilience.com.